Commit message (Collapse) | Author | Age | ||
---|---|---|---|---|
... | ||||
* | | move copyright statement to 2019 | 2019-02-07 | ||
| | | ||||
* | | Merge pull request #2391 from rusty-snake/add_klavaro-profile | 2019-02-06 | ||
|\ \ | | | | | | | Add a profile for klavaro | |||
| * | | Add a profile for klavaro | 2019-02-06 | ||
| | | | ||||
* | | | Merge branch 'master' of https://github.com/netblue30/firejail | 2019-02-06 | ||
|\| | | ||||
| * | | fix small memleak | 2019-02-05 | ||
| | | | ||||
| * | | variable only used when whitelisting enabled | 2019-02-05 | ||
| | | | ||||
| * | | cnt only used for debugging | 2019-02-05 | ||
| | | | ||||
| * | | move usage check to single place | 2019-02-05 | ||
| | | | ||||
| * | | use correct struct member for offset | 2019-02-05 | ||
| | | | | | | | | | | | | Fixes: #2381 | |||
| * | | simplify yes/no option parsing | 2019-02-05 | ||
| | | | ||||
| * | | Stress apparmor local overrides | 2019-02-05 | ||
| | | | | | | | | | As per discussion on https://github.com/netblue30/firejail/pull/2390, we better use slightly stronger/less optional wording when it comes to where local apparmor overrides need to be done. | |||
* | | | strncmp byte count fixes | 2019-02-06 | ||
|/ / | ||||
* | | firejail.config fixes | 2019-02-04 | ||
| | | | | | | | | always print a warning, treat join-or-start like join | |||
* | | --name rework | 2019-02-01 | ||
| | | ||||
* | | Fix parsing of cgroup option in config | 2019-01-27 | ||
| | | ||||
* | | enable/disable cgroup in firejail.config | 2019-01-27 | ||
|/ | ||||
* | removed mincore syscall from default seccomp filter | 2019-01-23 | ||
| | ||||
* | Edit github-desktop entree in firecfg | 2019-01-22 | ||
| | ||||
* | conditional testing0.9.58-rc1 | 2019-01-21 | ||
| | ||||
* | Merge branch 'master' of https://github.com/netblue30/firejail | 2019-01-20 | ||
|\ | ||||
| * | Add clawsker to firecfg.config | 2019-01-20 | ||
| | | ||||
* | | cleanup, minor improvements | 2019-01-20 | ||
| | | ||||
* | | disallow zero seconds timeout | 2019-01-20 | ||
| | | ||||
* | | rearrange shutdown option | 2019-01-20 | ||
| | | | | | | | | in order to run it with reduced privileges | |||
* | | signal handler fixes/improvements | 2019-01-19 | ||
| | | ||||
* | | improve chroot error handling | 2019-01-19 | ||
|/ | ||||
* | adding mincore syscall to the default seccomp filter and some independent ↵ | 2019-01-14 | ||
| | | | | profiles | |||
* | fix error message | 2019-01-13 | ||
| | | | | | as --appimage can be combined with chroot and overlay options, querying it first makes the error message more correct | |||
* | fix parent death signal | 2019-01-13 | ||
| | | | | | | turns out the parent death signal is reset every time the effective uid changes, hence moving the prctl call to the earliest place where the setting is persistent. | |||
* | fix netfilter-default functionality in /etc/firejail/firejail.config | 2019-01-09 | ||
| | ||||
* | fix join/seccomp #2296 | 2019-01-08 | ||
| | ||||
* | Correctly set address length in arp frames | 2019-01-02 | ||
| | | | | | | | | | | Kernel commit 99137b7 introduced an additional check of the address length. This exposed a bug in the arp code where the address length was being set incorrectly. Now the length is set from the ETH_ALEN constant declared in linux/if_ether.h This fixes #2314 | |||
* | Add a profile for ghostwriter (#2319) | 2018-12-30 | ||
| | | | | | * Add a profile for ghostwriter | |||
* | join: also check proc file to detect nonewprivs bit | 2018-12-17 | ||
| | | | | | redundant check that adds defense in depth and maybe one day can replace the other, file based check | |||
* | Merge pull request #2297 from smitsohu/patch | 2018-12-17 | ||
|\ | | | | | enforce nonewprivs instead of seccomp for chroot sandboxes | |||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | 2018-12-15 | ||
| | | | | | | | | | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | |||
* | | New profile for supertuxkart. (#2298) | 2018-12-16 | ||
| | | | | | | | | | | | | * New profile supertuxkart * review fixes | |||
* | | fix netstats typo in man firejail | 2018-12-16 | ||
|/ | ||||
* | join: check prctl return value | 2018-12-14 | ||
| | ||||
* | add explicit nonewprivs support to join option; accompanying small improvements | 2018-12-14 | ||
| | ||||
* | firecfg: improve error string | 2018-12-13 | ||
| | | | | emphasize that only firecfg needs all permissions, not firejail | |||
* | pulseaudio: use create_dir_as_user(); small adjustments | 2018-12-13 | ||
| | ||||
* | Revert "pulseaudio: use env variable fallback in more cases" | 2018-12-13 | ||
| | | | | | | | | | This reverts commit 93779cb9cd0d098cd3587e2f795200d98e3af1ee. That commit removed restrictions, but also added new inconsistencies. Starting again from the previous state is easier than evolving the current state, hence reverting the commit. | |||
* | pulseaudio: use env variable fallback in more cases | 2018-12-11 | ||
| | | | | | | setting the PULSE_CLIENTCONFIG environment variable to the unmounted file is a safe fallback, use it in more cases when mounting is considered not an option | |||
* | add create_empty_dir_as_user function, refactor | 2018-12-11 | ||
| | ||||
* | xorg: check if Xauthority mount point was created | 2018-12-11 | ||
| | | | | and print more meaningful error message | |||
* | Add a profile for thunderbird-wayland | 2018-12-10 | ||
| | ||||
* | improve sandboxing of KDE apps: set KDE_FORK_SLAVES, blacklist slave-sockets | 2018-12-07 | ||
| | | | | | | | | | | setting the KDE_FORK_SLAVES environment variable removes all inconsistencies that arise from slaves running outside the sandbox or in a different sandbox; it also makes it slightly more difficult to abuse KIO in general and helps to mitigate security problems due to thumbnailing, which now always happens inside the same sandbox. The trade-off is more concurrently running slave processes. closes #2285 | |||
* | add HAS_NODBUS conditional, ${RUNUSER} makro | 2018-12-07 | ||
| | ||||
* | merges | 2018-11-29 | ||
| |